Explore CVEs related to SSRF vulnerabilities, filtered by published year. This list is sorted by most recent disclosures first and supports filtering by CVSS and EPSS risk scores.
Includes the most recent vulnerability disclosures and trends, helping security teams quickly identify high-risk issues and exploitation likelihood.
You're viewing SSRF CVEs published in 2018.
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2018-20596 | Jspxcms v9.0.0 allows SSRF. | 9.8 | 0.36% | 2018-12-30 | 2024-11-21 |
| CVE-2018-20528 | JEECMS 9 has SSRF via the ueditor/getRemoteImage.jspx upfile parameter. | 6.5 | 0.22% | 2018-12-28 | 2024-11-21 |
| CVE-2018-20436 | The "secret chat" feature in Telegram 4.9.1 for Android has a "side channel" in which Telegram servers send GET requests for URLs typed while composing a chat message, before that chat message is sent. There are also GET requests to other URLs on the same web server. This also affects one or more other Telegram products, such as Telegram Web-version 0.7.0. In addition, it can be interpreted as an SSRF issue. NOTE: a third party has reported that potentially unwanted behavior is caused by misconf | 8.1 | 0.48% | 2018-12-24 | 2024-11-21 |
| CVE-2018-20228 | Subsonic V6.1.5 allows internetRadioSettings.view streamUrl CSRF, with resultant SSRF. | 8.0 | 0.14% | 2018-12-19 | 2024-11-21 |
| CVE-2018-16598 | An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. In xProcessReceivedUDPPacket and prvParseDNSReply, any received DNS response is accepted, without confirming it matches a sent DNS request. | 5.9 | 0.39% | 2018-12-06 | 2024-11-21 |
| CVE-2018-18843 | The Kubernetes integration in GitLab Enterprise Edition 11.x before 11.2.8, 11.3.x before 11.3.9, and 11.4.x before 11.4.4 has SSRF. | 10.0 | 0.25% | 2018-12-04 | 2024-11-21 |
| CVE-2018-18646 | An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows SSRF. | 8.8 | 0.23% | 2018-12-04 | 2024-11-21 |
| CVE-2018-19651 | admin/functions/remote.php in Interspire Email Marketer through 6.1.6 has Server Side Request Forgery (SSRF) via a what=importurl&url= request with an http or https URL. This also allows reading local files with a file: URL. | 6.5 | 0.21% | 2018-11-28 | 2024-11-21 |
| CVE-2018-19047 | mPDF through 7.1.6, if deployed as a web application that accepts arbitrary HTML, allows SSRF, as demonstrated by a '<img src="http://192.168' substring that triggers a call to getImage in Image/ImageProcessor.php. NOTE: the software maintainer disputes this, stating "If you allow users to pass HTML without sanitising it, you're asking for trouble. | 10.0 | 0.35% | 2018-11-07 | 2024-11-21 |
| CVE-2018-18867 | An SSRF issue was discovered in tecrail Responsive FileManager 9.13.4 via the upload.php url parameter. NOTE: this issue exists because of an incomplete fix for CVE-2018-15495. | 8.6 | 0.37% | 2018-10-31 | 2024-11-21 |
| CVE-2018-18753 | Typecho V1.1 allows remote attackers to send shell commands via base64-encoded serialized data, as demonstrated by SSRF. | 9.8 | 2.46% | 2018-10-29 | 2024-11-21 |
| CVE-2018-16793 | Rollup 18 for Microsoft Exchange Server 2010 SP3 and previous versions has an SSRF vulnerability via the username parameter in /owa/auth/logon.aspx in the OWA (Outlook Web Access) login page. | 8.6 | 2.31% | 2018-09-21 | 2024-11-21 |
| CVE-2018-16794 | Microsoft ADFS 4.0 Windows Server 2016 and previous (Active Directory Federation Services) has an SSRF vulnerability via the txtBoxEmail parameter in /adfs/ls. | 8.6 | 1.79% | 2018-09-18 | 2024-11-21 |
| CVE-2018-2463 | The Omni Commerce Connect API (OCC) of SAP Hybris Commerce, versions 6.*, is vulnerable to server-side request forgery (SSRF) attacks. This is due to a misconfiguration of XML parser that is used in the server-side implementation of OCC. | 8.6 | 0.33% | 2018-09-11 | 2024-11-21 |
| CVE-2018-1789 | IBM API Connect v2018.1.0 through v2018.3.4 could allow an attacker to send a specially crafted request to conduct a server side request forgery attack. IBM X-Force ID: 148939. | 8.4 | 0.18% | 2018-09-07 | 2024-11-21 |
| CVE-2018-16444 | An issue was discovered in SeaCMS 6.61. adm1n/admin_reslib.php has SSRF via the url parameter. | 9.1 | 0.34% | 2018-09-04 | 2024-11-21 |
| CVE-2018-16409 | In Gogs 0.11.53, an attacker can use migrate to send arbitrary HTTP GET requests, leading to SSRF. | 8.6 | 0.23% | 2018-09-03 | 2024-11-21 |
| CVE-2018-15895 | An SSRF vulnerability was discovered in idreamsoft iCMS 7.0.11 because the remote function in app/spider/spider_tools.class.php does not block DNS hostnames associated with private and reserved IP addresses, as demonstrated by 127.0.0.1 in an A record. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-14858. | 7.5 | 0.37% | 2018-08-27 | 2024-11-21 |
| CVE-2018-10511 | A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to conduct a server-side request forgery (SSRF) attack on vulnerable installations. | 10.0 | 0.35% | 2018-08-15 | 2024-11-21 |
| CVE-2018-2445 | AdminTools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application, resulting in a Server-Side Request Forgery (SSRF) vulnerability. | 9.6 | 0.24% | 2018-08-14 | 2024-11-21 |